ProHoster > Ibhulogi > Ulawulo > Izikhongozeli, ii-microservices kunye ne-meshes zenkonzo

Izikhongozeli, ii-microservices kunye ne-meshes zenkonzo

Kwi-intanethi iqela amanqaku ΠΎ umnatha wenkonzo (umnatha wenkonzo), kwaye nantsi enye. Uxolo! Kodwa kutheni? Emva koko, ndifuna ukuvakalisa uluvo lwam ukuba bekuya kuba ngcono ukuba i-meshes yenkonzo ibonakala kwiminyaka eyi-10 eyadlulayo, ngaphambi kokufika kwamaqonga e-container afana ne-Docker kunye ne-Kubernetes. Anditsho ukuba imbono yam ingcono okanye imbi kunabanye, kodwa ekubeni i-meshes zenkonzo zizilwanyana ezintsonkothileyo, iimbono ezininzi ziya kunceda ukuziqonda ngcono.

Ndiza kuthetha ngeqonga le-dotCloud, elakhiwe phezu kwee-microservices ezingaphezu kwekhulu kwaye lixhasa amawaka ezicelo eziqulathiweyo. Ndiza kuchaza imiceli mngeni esijongene nayo ekuyiphuhliseni nasekuyisunguleni, kunye nendlela iimeshes zenkonzo ezinokuthi (okanye azinakunceda) ngayo.

Imbali yedotCloud

Ndibhalile malunga nembali ye-dotCloud kunye nokukhetha koyilo lweli qonga, kodwa khange ndithethe kakhulu malunga nomaleko womnatha. Ukuba awufuni ukuntywila ekufundeni inqaku lokugqibela malunga ne-dotCloud, nantsi ingongoma ngokufutshane: yi-PaaS iqonga-njengenkonzo evumela abathengi ukuba baqhube uluhlu olubanzi lwezicelo (i-Java, i-PHP, i-Python ...), ngenkxaso yoluhlu olubanzi lwedatha. iinkonzo (i-MongoDB, i-MySQL, i-Redis ...) kunye ne-workflow efana ne-Heroku: Ulayisha ikhowudi yakho kwiqonga, yakha imifanekiso yesikhongozeli kwaye ihambisa.

Ndiza kukuxelela ukuba i-traffic iqondiswe njani kwiqonga le-dotCloud. Akunjalo ngenxa yokuba yayipholile kakhulu (nangona inkqubo yayisebenza kakuhle ngexesha layo!), kodwa ngokuyintloko ngenxa yokuba ngezixhobo zanamhlanje uyilo olunjalo lunokuphunyezwa ngokulula ngexesha elifutshane liqela elithobekileyo ukuba bafuna indlela yokuhambisa i-traffic phakathi kweqela. yee-microservices okanye iqela lezicelo. Ngale ndlela, unokuthelekisa iinketho: kwenzeka ntoni ukuba uphuhlisa yonke into ngokwakho okanye usebenzisa i-mesh yenkonzo ekhoyo. Ukukhetha okusemgangathweni kukwenza ngokwakho okanye ukuyithenga.

Indlela yetrafiki yezicelo ezisindlekwe

Usetyenziso kwi-dotCloud lunokuveza i-HTTP kunye ne-TCP endpoints.

Isiphelo seHTTP yongezwe ngamandla kuqwalaselo lweqela lokulinganisa lomthwalo I-Hipache. Oku kuyafana noko kwenziwa ngoovimba namhlanje Ingress kwi-Kubernetes kunye ne-balancer yomthwalo njenge Traefik.

Abathengi baxhuma kwii-endpoints ze-HTTP ngokusebenzisa imimandla efanelekileyo, ngaphandle kokuba igama lesizinda likhomba kwi-dotCloud ibhalansi yomthwalo. Akukho nto engcono.

Isiphelo se-TCP eyanyaniswa nenombolo yezibuko, ethi ke igqithiselwe kuzo zonke izikhongozeli ezikweso sitaki ngokutshintsha kwemeko-bume.

Abathengi banokuqhagamshela kwiisiphelo ze-TCP besebenzisa igama lomamkeli elifanelekileyo (into efana nesango-X.dotcloud.com) kunye nenombolo yezibuko.

Eli gama lenginginya ligqiba kwi "nats" iqela leseva (elinganxulumananga ne NATS), eya kuthutha uxhulumaniso lwe-TCP olungenayo kwisitya esichanekileyo (okanye, kwimeko yeenkonzo ezilinganisiweyo zomthwalo, kwiibhokisi ezichanekileyo).

Ukuba uqhelene noKubernetes, oku kuya kukukhumbuza ngeeNkonzo I-NodePort.

Kwakungekho nkonzo zilinganayo kwiqonga le-dotCloud ClusterIP: Ukuze kube lula, iinkonzo bezifikelelwa ngendlela efanayo ngaphakathi nangaphandle kweqonga.

Yonke into yayicwangciswe ngokulula: ukuphunyezwa kokuqala kwe-HTTP kunye ne-TCP yothungelwano lomzila mhlawumbi yayingamakhulu ambalwa emigca yePython nganye. Ii-algorithms ezilula (ndingatsho) eziye zacokiswa njengoko iqonga likhula kwaye kwavela iimfuno ezongezelelweyo.

Ukuhlengahlengiswa okubanzi kwekhowudi ekhoyo bekungeyomfuneko. Ukuthi ngqo, 12 factor apps inokusebenzisa ngokuthe ngqo idilesi efunyenwe ngokuguquguquka kokusingqongileyo.

Ngaba oku kwahluke njani kumnatha wenkonzo wale mihla?

Ilinganiselwe ukubonakala. Besingenazo naziphi na iimetrics ze-TCP routing mesh kwaphela. Xa kuziwa kumzila we-HTTP, iinguqulelo zamva zazisa i-metrics ye-HTTP eneenkcukacha kunye neekhowudi zephutha kunye namaxesha okuphendula, kodwa i-meshes yenkonzo yanamhlanje iqhubela phambili, inika ukuhlanganiswa kunye neenkqubo zokuqokelela i-metrics ezifana ne-Prometheus, umzekelo.

Ukubonakala kubalulekile kungekuphela nje kwimbono yokusebenza (ukunceda ukuxazulula iingxaki), kodwa naxa ukhulula iimpawu ezintsha. Imalunga nokhuseleko ukusasazwa blue-green ΠΈ ukusasazwa kwe-canary.

Ukusebenza kakuhle kwendlela nayo ilinganiselwe. Kwi-dotCloud ye-mesh yomzila, zonke iitrafikhi kwafuneka zidlule kwiqela leendawo ezizinikezeleyo zokuhamba. Oku kuthetha ukuwela imida emininzi ye-AZ (iNdawo yokuFumana) kunye nokwandisa kakhulu ukubambezeleka. Ndikhumbula ikhowudi yokulungisa ingxaki eyayisenza ngaphezulu kwekhulu lemibuzo yeSQL ngephepha kwaye ivula umdibaniso omtsha kwiseva yeSQL kumbuzo ngamnye. Xa usebenza kwindawo, iphepha lilayisha ngokukhawuleza, kodwa kwi-dotCloud kuthatha imizuzwana embalwa ukulayisha kuba uxhulumaniso ngalunye lwe-TCP (kunye nombuzo olandelayo we-SQL) luthatha amashumi e-milliseconds. Kule meko, unxibelelwano oluzingileyo luyisombulule ingxaki.

I-meshes yenkonzo yanamhlanje ingcono ekujonganeni neengxaki ezinjalo. Okokuqala, bajonga ukuba unxibelelwano luhamba ngendlela kumthombo. Ukuqukuqela okusengqiqweni kuyafana: ΠΊΠ»ΠΈΠ΅Π½Ρ‚ β†’ мСш β†’ сСрвис, kodwa ngoku i-mesh isebenza kwindawo kwaye kungekhona kwiindawo ezikude, ngoko uxhulumaniso ΠΊΠ»ΠΈΠ΅Π½Ρ‚ β†’ мСш yeyasekhaya kwaye ikhawuleza kakhulu (ii-microseconds endaweni yee-milliseconds).

Iimeshes zenkonzo zanamhlanje zikwaphumeza i-algorithms yokulinganisa imithwalo ekrelekrele. Ngokubeka iliso kwimpilo yee-backends, banokuthumela i-traffic engaphezulu kwii-backends ezikhawulezayo, okukhokelela ekuphuculweni komsebenzi jikelele.

Khu seleko ngcono kakhulu. I-dotCloud ye-mesh yomzila iqhube ngokupheleleyo kwi-EC2 ye-Classic kwaye ayizange ifihle i-traffic (ngokusekwe kwingcinga yokuba ukuba umntu wakwazi ukubeka i-sniffer kwi-traffic ye-EC2 yenethiwekhi, sele usengxakini enkulu). Iimeshi zenkonzo zanamhlanje zikhusela ngokusekuhleni zonke iitrafikhi zethu, umzekelo, ngokungqinisisa kwe-TLS kunye noguqulelo oluntsonkothileyo.

Ukuhanjiswa kwendlela yeenkonzo zeqonga

Kulungile, sixoxe ngetrafikhi phakathi kwezicelo, kodwa kuthekani ngeqonga ledotCloud ngokwalo?

Iqonga ngokwalo laliquka malunga nekhulu leenkonzo ezincinci ezinoxanduva lwemisebenzi eyahlukeneyo. Abanye bazamkela izicelo ezisuka kwabanye, kwaye abanye babengabasebenzi basemva abaqhagamshele kwezinye iinkonzo kodwa abalwamkeli uqhagamshelo ngokwabo. Kwimeko nayiphi na into, inkonzo nganye kufuneka izazi iziphelo zeedilesi ekufuneka ziqhagamshelwe kuzo.

Iinkonzo ezininzi ezikwinqanaba eliphezulu zinokusebenzisa umnatha womzila ochazwe ngasentla. Ngapha koko, uninzi lwee-microservices ze-dotCloud ezingaphezulu kwekhulu ziye zabekwa njengezicelo eziqhelekileyo kwiqonga le-dotCloud ngokwalo. Kodwa inani elincinci leenkonzo ezikumgangatho ophantsi (ingakumbi ezo ziphumeza le mesh yomzila) zazifuna into elula, enokuxhomekeka okumbalwa (ekubeni babengakwazi ukuxhomekeka kubo ukuba basebenze - ingxaki endala yenkukhu kunye neqanda).

Ezi nkonzo zikumgangatho ophantsi, ezibaluleke kakhulu kubuthunywa ziye zasetyenziswa ngokuqhuba izikhongozeli ngokuthe ngqo kwiindawo eziphambili ezimbalwa. Kule meko, iinkonzo zeqonga eziqhelekileyo azizange zisetyenziswe: umnxibelelanisi, umcwangcisi kunye nomgijimi. Ukuba ufuna ukuthelekisa kumaqonga eekhonteyina zanamhlanje, kufana nokuqhuba inqwelomoya yokulawula nge docker run ngqo kwiindawo, endaweni yokunikezela umsebenzi ku-Kubernetes. Iyafana ngengqiqo iimodyuli ezimileyo (iipods), eyisebenzisayo kubeadm okanye bootkube xa uqalisa iqela elizimeleyo.

Ezi nkonzo ziye zavezwa ngendlela elula nekrwada: ifayile yeYAML idwelise amagama needilesi zazo; kwaye umxhasi ngamnye kwafuneka athathe ikopi yalefayile yeYAML ukuze abekwe.

Kwelinye icala, ithembeke kakhulu kuba ayifuni nkxaso yesitshixo sangaphandle/ivenkile yexabiso efana neZookeeper (khumbula, etcd okanye Consul wayengekho ngelo xesha). Kwelinye icala, kwenza kube nzima ukuhambisa iinkonzo. Ngalo lonke ixesha kusenziwa intshukumo, bonke abaxumi babeza kufumana ifayile ye-YAML ehlaziyiweyo (kwaye inokwenzeka ukuba bayiqalise kwakhona). Ayikhululekanga kakhulu!

Emva koko, saqala ukuphumeza iskimu esitsha, apho umxhasi ngamnye uqhagamshelwe kumncedisi wommeleli wendawo. Esikhundleni sedilesi kunye ne-port, kufuneka kuphela ukwazi inombolo ye-port yenkonzo, kwaye udibanise nge localhost. Ummeli wasekhaya uphatha olu xhulumaniso kwaye alugqithisele kumncedisi wokwenene. Ngoku, xa uhambisa i-backend komnye umatshini okanye ukulinganisa, endaweni yokuhlaziya bonke abathengi, kufuneka uhlaziye kuphela zonke ezi proxies zendawo; kwaye ukuqalisa ngokutsha akusafuneki.

(Kwaye kwacwangciswa ukuba kufakwe i-traffic kuqhagamshelo lwe-TLS kunye nokubeka omnye umncedisi we-proxy kwicala lokufumana, kunye nokuqinisekisa iziqinisekiso ze-TLS ngaphandle kokuthatha inxaxheba kwinkonzo yokufumana, eqwalaselwe ukwamkela imidibaniso kuphela. localhost. Okungakumbi malunga noku kamva).

Oku kufana kakhulu ne I-SmartStack ukusuka ku-Airbnb, kodwa umahluko omkhulu kukuba i-SmartStack iphunyeziwe kwaye ifakwe kwimveliso, ngelixa inkqubo ye-dotCloud yangaphakathi yayigcinwe xa i-dotCloud yaba yi-Docker.

Mna ngokwam ndicinga ukuba i-SmartStack ibe ngomnye wabanduleli kwiinkqubo ezifana ne-Istio, i-Linkerd kunye ne-Consul Connect kuba zonke zilandela iphethini efanayo:

  • Sebenzisa ummeli kwindawo nganye.
  • Abathengi baqhagamshela kwi-proxy.
  • Inqwelomoya yolawulo ihlaziya uqwalaselo lommeli xa i-backends itshintsha.
  • ... Inzuzo!

Ukuphunyezwa kwale mihla komnatha wenkonzo

Ukuba besifuna ukusebenzisa igridi efanayo namhlanje, sinokusebenzisa imigaqo efanayo. Umzekelo, misela indawo ye-DNS yangaphakathi ngokwenza imephu yamagama enkonzo kwiidilesi ezikwisithuba 127.0.0.0/8. Emva koko sebenzisa i-HAProxy kwindawo nganye kwiqela, ukwamkela imidibaniso kwidilesi nganye yenkonzo (kuloo subnet 127.0.0.0/8) kunye nokuqondisa kwakhona / ukulungelelanisa umthwalo kwii-backend ezifanelekileyo. Uqwalaselo lwe-HAProxy lunokulawulwa confd, ikuvumela ukuba ugcine ulwazi lokungasemva kwi- etcd okanye kwi-Consul kwaye utyhale ngokuzenzekelayo uqwalaselo oluhlaziyiweyo kwi-HAProxy xa kufuneka.

Le intle kakhulu indlela i-Istio esebenza ngayo! Kodwa ngezinye iiyantlukwano:

  • Usebenzisa Ummeli womthunywa endaweni ye-HAProxy.
  • Igcina uqwalaselo lwasemva ngeKubernetes API endaweni ye etcd okanye Consul.
  • Iinkonzo zabelwe iidilesi kwi-subnet yangaphakathi (iidilesi ze-Kubernetes ClusterIP) endaweni ye-127.0.0.0/8.
  • Inecandelo elongezelelweyo (Citadel) ukongeza ungqinisiso lwe-TLS phakathi komxhasi kunye nabancedisi.
  • Ixhasa izinto ezintsha ezinje ngokuqhekeka kwesekethe, ukulandelwa kokusasazwa, ukuhanjiswa kwe-canary, njl.

Makhe sijonge ngokukhawuleza kwezinye zeeyantlukwano.

Ummeli womthunywa

Ummeli womthunywa wabhalwa nguLyft [okhuphisana no-Uber kwimarike yeeteksi - malunga. indlela]. Kuyafana ngeendlela ezininzi kwamanye ama-proxies (umzekelo, i-HAProxy, i-Nginx, i-Traefik ...), kodwa i-Lyft ibhale eyabo ngenxa yokuba idinga iimpawu ezingenayo ezinye ii-proxies, kwaye kwakubonakala kuhlakaniphile ukwenza entsha kunokwandisa ekhoyo.

Umthunywa unokusetyenziswa yedwa. Ukuba ndinenkonzo ethile ekufuneka iqhagamshele kwezinye iinkonzo, ndiyakwazi ukuyiqwalasela ukuba iqhagamshelane noMthunywa, kwaye emva koko uqwalasele ngokuguquguqukayo kwaye uphinde uqwalasele uMthunywa kunye nendawo yezinye iinkonzo, ngelixa ufumana umsebenzi omkhulu owongezelelweyo, njengokubonakala. Endaweni yethala leencwadi labathengi okanye ukutofa umnxeba kwikhowudi, sithumela i-traffic kuMthunywa, kwaye iqokelela iimethrikhi kuthi.

Kodwa uMthunywa uyakwazi ukusebenza njenge inqwelomoya yedatha (inqwelomoya yedatha) yenkonzo yomnatha. Oku kuthetha ukuba uMthunywa ngoku uqwalaselwe le mesh yenkonzo inqwelomoya yokulawula (inqwelomoya yokulawula).

Inqwelomoya yokulawula

Kwinqwelomoya yokulawula, i-Istio ixhomekeke kwi-Kubernetes API. Oku akwahlukanga kakhulu ekusebenziseni i-confd, exhomekeke kwi etcd okanye Consul ukujonga iseti yezitshixo kwindawo yokugcina idatha. I-Istio isebenzisa i-Kubernetes API ukujonga iseti yezixhobo ze-Kubernetes.

Phakathi koku kwaye emva koko: Ndiyifumene iluncedo lento Kubernetes API inkcazeloefundeka ngolu hlobo:

Iseva ye-Kubernetes API "yiseva esisidenge" enikezela ngokugcinwa, uguqulelo, ukuqinisekiswa, ukuhlaziya, kunye nesemantics kwizixhobo ze-API.

I-Istio yenzelwe ukusebenza noKubernetes; kwaye ukuba ufuna ukuyisebenzisa ngaphandle kwe Kubernetes, ngoko kufuneka usebenzise umzekelo we Kubernetes API umncedisi (kunye nenkonzo yomncedi etcd).

Iidilesi zenkonzo

I-Istio ixhomekeke kwiidilesi ze-ClusterIP ezabiwa nguKubernetes, ngoko ke iinkonzo ze-Istio zifumana idilesi yangaphakathi (hayi kuluhlu 127.0.0.0/8).

I-Traffic kwidilesi ye-ClusterIP yenkonzo ethile kwiqela le-Kubernetes ngaphandle kwe-Istio ihlulwe yi-kube-proxy kwaye ithunyelwe kwi-backend yaloo proxy. Ukuba unomdla kwiinkcukacha zobugcisa, i-kube-proxy imisela imithetho ye-iptables (okanye i-IPVS yokulayisha ibhalansi, kuxhomekeke kwindlela eqwalaselwe ngayo) ukuze ubhale kwakhona iidilesi ze-IP zokusingwa zoqhagamshelo oluya kwidilesi ye-ClusterIP.

Nje ukuba i-Istio ifakwe kwi-cluster ye-Kubernetes, akukho nto iguqukayo ide inikwe amandla ngokuthe ngqo kumthengi onikiweyo, okanye indawo yonke yegama, ngokuzisa isitya. sidecar kwiipods eziqhelekileyo. Esi sikhongozeli siya kujikelezisa umzekelo we-Envoy kwaye usete isethi yemithetho ye-iptables ukuthintela i-traffic ukuya kwezinye iinkonzo kwaye uqondise kwakhona loo traffic kuMthunywa.

Xa idityaniswe neKubernetes DNS, oku kuthetha ukuba ikhowudi yethu inokunxibelelana ngegama lenkonzo kwaye yonke into "isebenza nje." Ngamanye amazwi, ikhowudi yethu ikhupha imibuzo efana nale http://api/v1/users/4242ke api Sombulula isicelo 10.97.105.48, imigaqo ye-iptables iya kuthintela uxhulumaniso oluvela kwi-10.97.105.48 kwaye idlulisele kwi-proxy yoMthunywa wendawo, kwaye le proxy yasekhaya iya kuthumela isicelo kwi-backend yangempela ye-API. Phew!

Iifrills ezongezelelweyo

I-Istio ikwabonelela nge-encryption ekupheleni ukuya ekupheleni kunye nokuqinisekiswa nge-mTLS (mutual TLS). Ilungu elibiziweyo elunge.

Kukho kwakhona icandelo Umxube, apho uMthunywa angacela khona wonke umntu isicelo sokwenza isigqibo esikhethekileyo malunga neso sicelo ngokuxhomekeke kwizinto ezahlukeneyo ezifana neeheader, umthwalo osemva, njl.. (ungakhathazeki: zininzi iindlela zokugcina uMxhubi usebenza, kwaye nokuba iyantlitheka, uMthunywa uya kuqhubeka esebenza. kulungile njenge-proxy).

Kwaye, ewe, sikhankanye ukubonakala: Umthunywa uqokelela isixa esikhulu seemethrikhi ngelixa enikezela ngomkhondo osasaziweyo. Kulwakhiwo lwee-microservices, ukuba isicelo esinye se-API kufuneka sidlule kwii-microservices A, B, C, kunye no-D, emva koko emva kokungena, umkhondo osasaziweyo uyakongeza isichongi esisodwa kwisicelo kwaye sigcine esi sichongi ngokusebenzisa izicelo ezincinci kuzo zonke ezi nkonzo ezincinci, ngokuvumela. zonke iifowuni ezinxulumeneyo ziya kubanjwa.ukulibaziseka, njl.

Phuhlisa okanye uthenge

I-Istio inedumela lokuba nzima. Ngokwahlukileyo, ukwakha i-mesh yendlela endiyichaze ekuqaleni kwesi sithuba kulula kakhulu usebenzisa izixhobo ezikhoyo. Ke, ngaba iyavakala ukwenza eyakho i-mesh yenkonzo endaweni yoko?

Ukuba sineemfuno ezithobekileyo (asidingi ukubonakala, i-breaker circuit kunye nezinye izinto ezifihlakeleyo), ngoko iingcamango ziza ekuphuhliseni isixhobo sethu. Kodwa ukuba sisebenzisa iKubernetes, isenokungafuneki kuba iKubernetes sele ibonelela ngezixhobo ezisisiseko zokufunyanwa kwenkonzo kunye nokulinganisa umthwalo.

Kodwa ukuba sineemfuno eziphambili, ke "ukuthenga" i-mesh yenkonzo kubonakala kuyindlela engcono kakhulu. (Oku akusoloko "kukuthenga" kuba i-Istio ingumthombo ovulekileyo, kodwa kusafuneka sityale ixesha lobunjineli ukuze siyiqonde, siyisebenzise kwaye siyilawule.)

Ngaba ndifanele ndikhethe i-Istio, i-Linkerd okanye i-Consul Connect?

Ukuza kuthi ga ngoku sithethe kuphela nge-Istio, kodwa le ayisiyiyo kuphela i-mesh yenkonzo. Enye indlela edumileyo - Linkerd, yaye kukho okungakumbi Consul Connect.

Yintoni oyikhethayo?

Ukunyaniseka, andazi. Okwangoku andiziboni ndinobuchule bokuphendula lo mbuzo. Kukho ezimbalwa umdla amanqaku ngokuthelekisa ezi zixhobo kunye nokuba amanqaku.

Enye indlela ethembisayo kukusebenzisa isixhobo esinje SuperGloo. Isebenzisa umaleko wokuthabatha ukwenza lula kunye nokudibanisa i-APIs evezwe yi-meshes yenkonzo. Endaweni yokufunda okuthe ngqo (kwaye, ngokoluvo lwam, oluntsonkothileyo) ii-APIs zemeshes ezahlukeneyo zenkonzo, sinokusebenzisa iSuperGloo's elula yokwakha- kwaye sitshintshe ngokulula ukusuka kwenye siye kwenye, ngokungathi sinefomathi yoqwalaselo ephakathi echaza ujongano lweHTTP kunye neebackends ezikwaziyo. yokuvelisa olona qwalaselo lweNginx, HAProxy, Traefik, Apache...

Ndiye ndadlala kancinci nge-Istio kunye ne-SuperGloo, kwaye kwinqaku elilandelayo ndifuna ukubonisa indlela yokongeza i-Istio okanye i-Linkerd kwiqela esele likhona usebenzisa i-SuperGloo, kunye nendlela le yokugqibela iwenza ngayo umsebenzi, oko kukuthi, ikuvumela ukuba utshintshe umnatha wenkonzo omnye komnye ngaphandle kokubhala ngaphezulu kolungelelwaniso.

umthombo: www.habr.com

Yongeza izimvo